particle-os/debian-image-builder-frontend
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-image-builder-frontend/src/test/fixtures/oscap.ts
Michal Gold bf77501eea Wizard: Display customized policy rules in review summary 
Previously, when a user selected a compliance policy with tailored rules,
the review page always showed the default profile customizations instead
of the policy-specific customizations.

Root cause: OscapProfileInformation component was only using the profile
endpoint (/oscap/{distribution}/{profile}/customizations) which returns
base profile rules, not the policy endpoint
(/oscap/{policy}/{distribution}/policy_customizations) which returns
customized rules.

Changes:
- Add useGetOscapCustomizationsForPolicyQuery export to backendApi
- Implement dual data fetching in OscapProfileInformation:
  * Profile endpoint: for description and reference ID
  * Policy endpoint: for customized packages, services, kernel args

Fixes the compliance policy customization display bug where edited
policy rules were not reflected in the image build summary.

Add unit tests for compliance policy customizations

Fix profile description title
2025-08-14 19:42:19 +00:00

140 lines
4.8 KiB
TypeScript
Raw Blame History

import { mockPolicies } from './compliance';
import {
GetOscapCustomizationsApiResponse,
GetOscapProfilesApiResponse,
} from '../../store/imageBuilderApi';
export const distributionOscapProfiles = (): GetOscapProfilesApiResponse => {
return [
'xccdf_org.ssgproject.content_profile_cis_workstation_l1',
'xccdf_org.ssgproject.content_profile_cis_workstation_l2',
'xccdf_org.ssgproject.content_profile_standard',
'xccdf_org.ssgproject.content_profile_stig_gui',
'xccdf_org.ssgproject.content_profile_ccn_basic',
];
};
export const oscapCustomizations = (
profile: string,
): GetOscapCustomizationsApiResponse => {
if (profile === 'xccdf_org.ssgproject.content_profile_cis_workstation_l1') {
return {
filesystem: [
{ min_size: 1073741824, mountpoint: '/tmp' },
{ min_size: 1073741824, mountpoint: '/home' },
],
openscap: {
profile_id: 'xccdf_org.ssgproject.content_profile_cis_workstation_l1',
profile_name:
'CIS Red Hat Enterprise Linux 8 Benchmark for Level 1 - Workstation',
profile_description:
'This is a mocked profile description. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean posuere velit enim, tincidunt porttitor nisl elementum eu.',
},
packages: ['aide', 'neovim'],
kernel: {
append: 'audit_backlog_limit=8192 audit=1',
},
services: {
masked: ['nfs-server', 'emacs-service'],
disabled: ['rpcbind', 'autofs', 'nftables'],
enabled: ['crond', 'neovim-service'],
},
};
}
if (profile === 'xccdf_org.ssgproject.content_profile_cis_workstation_l2') {
return {
filesystem: [
{ min_size: 1073741824, mountpoint: '/tmp' },
{ min_size: 1073741824, mountpoint: '/app' },
],
openscap: {
profile_id: 'content_profile_cis_workstation_l2',
profile_name:
'CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Workstation',
profile_description:
'This is a mocked profile description. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean posuere velit enim, tincidunt porttitor nisl elementum eu.',
},
packages: ['aide', 'emacs'],
kernel: {
append: 'audit_backlog_limit=8192 audit=2',
},
services: {
masked: ['nfs-server', 'neovim-service'],
enabled: ['crond', 'emacs-service'],
},
};
}
if (profile === 'xccdf_org.ssgproject.content_profile_standard') {
return {
openscap: {
profile_id: 'content_profile_standard',
profile_name: 'Simplified profile',
profile_description:
'This is a mocked profile description. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean posuere velit enim, tincidunt porttitor nisl elementum eu.',
},
services: {
enabled: ['crond', 'emacs-service'],
},
};
}
if (profile === 'xccdf_org.ssgproject.content_profile_ccn_basic') {
return {
openscap: {
profile_id: 'content_profile_ccn_basic',
profile_name: 'Kernel append only profile',
profile_description:
'This is a mocked profile description. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean posuere velit enim, tincidunt porttitor nisl elementum eu.',
},
kernel: {
append: 'audit_backlog_limit=8192 audit=1',
},
};
}
return {
openscap: {
profile_id: 'content_profile_stig_gui',
profile_name: 'DISA STIG with GUI for Red Hat Enterprise Linux 8',
profile_description:
'This is a mocked profile description. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean posuere velit enim, tincidunt porttitor nisl elementum eu.',
},
packages: [
'aide',
'sudo',
'rsyslog',
'firewalld',
'nftables',
'libselinux',
],
kernel: {
append: 'audit_backlog_limit=8192 audit=1',
},
services: {
masked: ['nfs-server', 'rpcbind', 'autofs', 'nftables'],
enabled: ['crond', 'firewalld', 'systemd-journald', 'rsyslog', 'auditd'],
},
fips: {
enabled: true,
},
};
};
export const oscapCustomizationsPolicy = (
policy: string,
): GetOscapCustomizationsApiResponse => {
const policyData = mockPolicies.data.find((p) => p.id === policy);
const customizations = oscapCustomizations(policyData!.ref_id);
// Simulate different levels of customization based on policy
if (policy === 'custom-policy-123') {
// This policy has user-customized rules - only neovim remains
customizations.packages = ['neovim']; // User removed aide package
} else {
// Other policies: filter out a single package to simulate basic customizations
customizations.packages = customizations.packages!.filter(
(p) => p !== 'aide',
);
}
return customizations;
};
Reference in a new issue View git blame Copy permalink